Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 16.0-CURRENT FreeBSD 15.0-STABLE FreeBSD 14.3-RELEASE FreeBSD 14.3-RELEASE and Ports FreeBSD 14.3-STABLE FreeBSD 14.2-RELEASE FreeBSD 14.2-RELEASE and Ports FreeBSD 14.1-RELEASE FreeBSD 14.1-RELEASE and Ports FreeBSD 14.0-RELEASE FreeBSD 14.0-RELEASE and Ports FreeBSD 13.5-RELEASE FreeBSD 13.5-RELEASE and Ports FreeBSD 13.5-STABLE FreeBSD 13.4-RELEASE FreeBSD 13.4-RELEASE and Ports FreeBSD 13.3-RELEASE FreeBSD 13.3-RELEASE and Ports FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 14.3 FreeBSD Ports 14.3.quarterly FreeBSD Ports 14.2 FreeBSD Ports 14.1 FreeBSD Ports 14.0 FreeBSD Ports 13.5 FreeBSD Ports 13.4 FreeBSD Ports 13.3 FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.9 CentOS 7.8 CentOS 7.7 CentOS 7.6 CentOS 7.5 CentOS 7.4 CentOS 7.3 CentOS 7.2 CentOS 7.1 CentOS 7.0 CentOS 6.10 CentOS 6.9 CentOS 6.8 CentOS 6.7 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 14.0 unstable Debian 13.1.0 Debian 12.12.0 Debian 11.11.0 Debian 10.13.0 Debian 9.13.0 Debian 8.11.1 Debian 7.11.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 Debian 2.0.0 Dell UNIX SVR4 2.2 DragonFly 6.4.0 DragonFly 5.8.3 DragonFly 4.8.1 DragonFly 3.8.2 DragonFly 2.10.1 DragonFly 1.12.1 DragonFly 1.0A HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 Inferno 4th Edition IRIX 6.5.30 Linux Slackware 3.1 MACH 2.5/i386 macOS 26.0 macOS 15.7 macOS 14.8 macOS 13.6.5 macOS 12.7.3 macOS 11.1 macOS 10.15.0 macOS 10.13.6 macOS 10.12.0 Minix 3.3.0 Minix 3.2.1 Minix 3.2.0 Minix 3.1.7 Minix 3.1.6 Minix 3.1.5 Minix 2.0.0 NetBSD 10.1 NetBSD 10.0 NetBSD 9.4 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.3 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.2 NetBSD 7.1.2 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.2.3 NetBSD 5.2 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.8 OpenBSD 7.7 OpenBSD 7.6 OpenBSD 7.5 OpenBSD 7.4 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.2/x86 OpenDarwin 6.6.1/x86 OpenDarwin 20030208pre4/ppc OpenIndiana 2024.10 OpenIndiana 2022.10 OpenIndiana 2020.10 OpenIndiana 2017.10 OpenIndiana 2015.10 OpenIndiana 2013.08 OpenSolaris 2010.03 OpenSolaris 2009.06 OpenStep 4.2 openSUSE 42.3 openSUSE 42.2 openSUSE 42.1 openSUSE 16.0 openSUSE 15.6 openSUSE 15.5 openSUSE 15.4 openSUSE 15.3 openSUSE 15.2 openSUSE 15.1 openSUSE 15.0 openSUSE 13.2 openSUSE 13.1 openSUSE 11.4 openSUSE 11.3 openSUSE 11.2 openSUSE 10.3 openSUSE 10.2 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips Plan 9 Red Hat 9.0 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Rhapsody DR1 Rhapsody DR2 Rocky 10.0 Rocky 9.6 Rocky 9.5 Rocky 9.4 Rocky 9.3 Rocky 9.2 Rocky 9.1 Rocky 9.0 Rocky 8.10 Rocky 8.9 Rocky 8.8 Rocky 8.7 Rocky 8.6 Rocky 8.5 Rocky 8.4 Rocky 8.3 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 Ubuntu 24.04 noble Ubuntu 23.10 mantic Ubuntu 22.04 jammy Ubuntu 20.04 focal Ubuntu 18.04 bionic Ubuntu 16.04 xenial Ubuntu 14.04 trusty ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

IODINE(8)		    System Manager's Manual		     IODINE(8)

NAME
       iodine, iodined - tunnel	IPv4 over DNS

SYNOPSIS
       iodine [-v]

       iodine [-h]

       iodine [-4] [-6]	[-f] [-r] [-u user ] [-P password ] [-m	fragsize ] [-t
       chrootdir ] [-d device ]	[-R rdomain ] [-m fragsize ] [-M namelen ] [-z
       context	]  [-F pidfile ] [-T dnstype ] [-O downenc ] [-L 0|1 ] [-I in-
       terval ]	[ nameserver ] topdomain

       iodined [-v]

       iodined [-h]

       iodined [-4] [-6] [-c] [-s] [-f]	[-D] [-u user ]	[-t  chrootdir	]  [-d
       device  ]  [-m mtu ] [-l	listen_ip4 ] [-L listen_ip6 ] [-p port ] [-n (
       auto | external_ip ) ] [-b dnsport ] [-P	password ] [-z context	]  [-F
       pidfile ] [-i max_idle_time ] tunnel_ip [ /netmask ] topdomain

DESCRIPTION
       iodine lets you tunnel IPv4 data	through	a DNS server. This can be use-
       ful  in situations where	Internet access	is firewalled, but DNS queries
       are allowed. It needs a TUN/TAP device to  operate.  The	 bandwidth  is
       asymmetrical,  with  a  measured	maximum	of 680 kbit/s upstream and 2.3
       Mbit/s downstream in a wired LAN	 test  network.	  Realistic  sustained
       throughput  on  a Wifi network using a carrier-grade DNS	cache has been
       measured	at some	50 kbit/s upstream and	over  200  kbit/s  downstream.
       iodine is the client application, iodined is the	server.

       Note:  server and client	are required to	speak the exact	same protocol.
       In most cases, this means running the  same  iodine  version.  Unfortu-
       nately,	implementing  backward	and  forward protocol compatibility is
       usually not feasible.

OPTIONS
   Common Options:
       -v     Print version info and exit.

       -h     Print usage info and exit.

       -f     Keep running in foreground.

       -4     Force/allow only IPv4 DNS	queries

       -6     Force/allow only IPv6 DNS	queries

       -u user
	      Drop privileges and run as user 'user' after setting up tunnel.

       -t chrootdir
	      Chroot to	'chrootdir' after setting up tunnel.

       -d device
	      Use the TUN device 'device' instead of the normal	one, which  is
	      dnsX  on	Linux  and  otherwise tunX. On Mac OS X	10.6, this can
	      also be utunX, which will	attempt	to use an  utun	 device	 built
	      into the OS.

       -P password
	      Use  'password' to authenticate. If not used, stdin will be used
	      as input.	Only the first 32 characters will be used.

       -z context
	      Apply SELinux 'context' after initialization.

       -F pidfile
	      Create 'pidfile' and write process id in it.

   Client Options:
       -r     Skip raw UDP mode. If not	used, iodine will try getting the pub-
	      lic IP address of	the iodined host and test if it	 is  reachable
	      directly.	 If  it	is, traffic will be sent to the	server instead
	      of the DNS relay.

       -R rdomain
	      Use OpenBSD routing domain 'rdomain' for the DNS connection.

       -m fragsize
	      Force maximum downstream fragment	size. Not  setting  this  will
	      cause  the  client  to  automatically probe the maximum accepted
	      downstream fragment size.

       -M namelen
	      Maximum length of	upstream hostnames, default 255.  Usable range
	      ca. 100 to 255.  Use this	option to scale	 back  upstream	 band-
	      width  in	 favor	of  downstream bandwidth.  Also	useful for DNS
	      servers that perform unreliably  when  using  full-length	 host-
	      names, noticeable	when fragment size autoprobe returns very dif-
	      ferent results each time.

       -T dnstype
	      DNS request type override.  By default, autodetection will probe
	      for  working DNS request types, and will select the request type
	      that is expected to provide the most bandwidth.  However,	it may
	      turn out that a DNS relay	imposes	limits that skew the  picture,
	      which  may  lead	to  an "unexpected" DNS	request	type providing
	      more bandwidth.  In that case, use this option to	 override  the
	      autodetection.   In  (expected)  decreasing bandwidth order, the
	      supported	DNS request types are: NULL, PRIVATE,  TXT,  SRV,  MX,
	      CNAME and	A (returning CNAME).  Note that	SRV, MX	and A may/will
	      cause  additional	 lookups by "smart" caching nameservers	to get
	      an actual	IP address, which may either slow down	or  fail  com-
	      pletely. The PRIVATE type	uses value 65399 (in the 'private use'
	      range) and requires servers implementing RFC 3597.

       -O downenc
	      Force  downstream	encoding type for all query type responses ex-
	      cept NULL.  Default is autodetected, but may not spot all	 prob-
	      lems  for	the more advanced codecs.  Use this option to override
	      the autodetection.  Base32 is the	lowest-grade codec and	should
	      always work; this	is used	when autodetection fails.  Base64 pro-
	      vides  more  bandwidth,  but  may	 not  work on all nameservers.
	      Base64u is equal to Base64 except	in using underscore ('_')  in-
	      stead  of	 plus  sign  ('+'), possibly working where Base64 does
	      not.  Base128 uses high byte values (mostly accented letters  in
	      iso8859-1),  which  might	 work  with some nameservers.  For TXT
	      queries, Raw will	provide	maximum	 performance,  but  this  will
	      only  work  if  the nameserver path is fully 8-bit-clean for re-
	      sponses that are assumed to be "legible text".

       -L 0|1 Lazy-mode	switch.	 -L1 (default):	Use  lazy  mode	 for  improved
	      performance and decreased	latency.  A very small minority	of DNS
	      relays appears to	be unable to handle the	lazy mode traffic pat-
	      tern,  resulting	in no or very little data coming through.  The
	      iodine client will detect	this and try to	switch back to	legacy
	      mode, but	this may not always work.  In these situations use -L0
	      to force running in legacy mode (implies -I1).

       -I interval
	      Maximum  interval	 between requests (pings) so that intermediate
	      DNS servers will not time	out. Default is	4 in lazy mode,	 which
	      will  work fine in most cases. When too many SERVFAIL errors oc-
	      cur, iodine will automatically reduce this to  1.	  To  get  ab-
	      solute  minimum  DNS  traffic, increase well above 4, but	not so
	      high that	SERVFAIL errors	start to occur.	 There	are  some  DNS
	      relays  with  very small timeouts, notably dnsadvantage.com (ul-
	      tradns), that will give SERVFAIL errors even with	-I1; data will
	      still get	trough,	and these errors can be	ignored.  Maximum use-
	      ful value	is 59, since iodined will close	a client's  connection
	      after 60 seconds of inactivity.

   Server Options:
       -c     Disable checking the client IP address on	all incoming requests.
	      By  default, requests originating	from non-matching IP addresses
	      will be rejected,	however	this will cause	problems when requests
	      are routed via a cluster of DNS servers.

       -s     Don't try	to configure IP	address	or MTU.	 This should  only  be
	      used  if	you  have  already  configured the device that will be
	      used.

       -D     Increase debug level. Level  1  prints  info  about  each	 RX/TX
	      packet.  Implies the -f option.  On level	2 (-DD)	or higher, DNS
	      queries  will be printed literally.  When	using Base128 upstream
	      encoding,	this is	best viewed as ISO  Latin-1  text  instead  of
	      (illegal)	 UTF-8.	  This	is  easily  done with :	"LC_ALL=C luit
	      iodined -DD ..."	(see luit(1)).

       -m mtu Set 'mtu'	as mtu size for	the tun	device.	 This will be sent  to
	      the  client  on  login, and the client will use the same mtu for
	      its tun device.  Default 1130.  Note that	the DNS	 traffic  will
	      be automatically fragmented when needed.

       -l external|listen_ip4
	      Make  the	 server	 listen	only on	'listen_ip4' for incoming IPv4
	      requests.	 By default, incoming requests are accepted  from  all
	      interfaces  (0.0.0.0).   A domain	name can be used as argument -
	      use one with only	one A record.  If  listen_ip4  is  'external',
	      iodined will use the opendns.com DNS service to retrieve the ex-
	      ternal IP	of the host and	use that as listen address.

       -L listen_ip6
	      Make  the	 server	 listen	only on	'listen_ip6' for incoming IPv6
	      requests.	 By default, incoming requests are accepted  from  all
	      interfaces  (::).	  A  domain name can be	used as	argument - use
	      one with only one	AAAA record.

       -p port
	      Make the server listen on	'port' instead of 53 for traffic.   If
	      'listen_ip4'  does not include localhost,	this 'port' can	be the
	      same as 'dnsport'.  Note:	You must make sure  the	 dns  requests
	      are forwarded to this port yourself.

       -n auto|external_ip
	      The  IP  address to return in NS responses. Default is to	return
	      the address used as destination in the query.  If	external_ip is
	      'auto', iodined will use the opendns.com DNS service to retrieve
	      the external IP of the host and use that for NS responses.

       -b dnsport
	      If this port is specified, all incoming requests not inside  the
	      tunnel domain will be forwarded to this port on localhost, to be
	      handled  by  a real dns.	If 'listen_ip' does not	include	local-
	      host, this 'dnsport' can be the same as 'port'.  Note: The  for-
	      warding  is  not	fully  transparent, and	not advised for	use in
	      production environments.

       -i max_idle_time
	      Make the server stop itself after	max_idle_time  seconds	if  no
	      traffic  have  been received.  This should be combined with sys-
	      temd or upstart on demand	activation for being effective.

   Client Arguments:
       nameserver
	      The nameserver to	use to relay the dns traffic. This can be  any
	      relaying	nameserver or the server running iodined if reachable.
	      This field can be	given as an IPv4/IPv6 address or  as  a	 host-
	      name.  This  argument  is	optional, and if not specified a name-
	      server will be read from the /etc/resolv.conf file.

       topdomain
	      The dns traffic will be sent as  queries	for  subdomains	 under
	      'topdomain'.  This  is normally a	subdomain to a domain you own.
	      Use a short domain name to get better throughput.	If  nameserver
	      is  the iodined server, then the topdomain can be	chosen freely.
	      This argument must be the	 same  on  both	 the  client  and  the
	      server.

   Server Arguments:
       tunnel_ip[/netmask]
	      This is the server's ip address on the tun interface. The	client
	      will be given the	next ip	number in the range. It	is recommended
	      to use the 10.0.0.0 or 172.16.0.0	ranges.	The default netmask is
	      /27,  can	 be  overridden	by specifying it here. Using a smaller
	      network will limit the number of concurrent users.

       topdomain
	      The dns traffic is expected to arrive as queries for  subdomains
	      under  'topdomain'. This is normally a subdomain to a domain you
	      own. Use a short domain name to get better throughput. This  ar-
	      gument  must  be	the  same  on  both the	client and the server.
	      Queries for domains other	than  'topdomain'  will	 be  forwarded
	      when the -b option is given, otherwise they will be dropped. The
	      topdomain	can start with '*' which will allow all	domains	ending
	      with the same suffix.

EXAMPLES
       See  the	README file for	both a quick test scenario, and	a detailed de-
       scription of real-world deployment.

SECURITY
       Login is	a relatively secure  challenge-response	 MD5  hash,  with  the
       password	 never	passing	 the wire.  However, all other data is NOT en-
       crypted in any way. The DNS traffic is also vulnerable to  replay,  in-
       jection	and man-in-the-middle attacks, especially when iodined is used
       with the	-c option. Use of ssh or  vpn  tunneling  is  strongly	recom-
       mended.	On both	server and client, use iptables, pf or other firewalls
       to  block  all traffic coming in	from the tun interfaces, except	to the
       used ssh	or vpn ports.

ENVIRONMENT
   IODINE_PASS
       If the environment variable IODINE_PASS is set,	iodine	will  use  the
       value it	is set to as password instead of asking	for one. The -P	option
       still has precedence.

   IODINED_PASS
       If  the	environment variable IODINED_PASS is set, iodined will use the
       value it	is set to as password instead of asking	for one. The -P	option
       still has precedence.

SEE ALSO
       The README file in the source distribution contains some	more elaborate
       information.

BUGS
       File bugs at https://github.com/yarrick/iodine

AUTHORS
       Erik Ekman <yarrick@kryo.se> and	Bjorn Andersson	<flex@kryo.se>.	 Major
       contributions by	Anne Bezemer.

User Manuals			   APR 2023			     IODINE(8)

---

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SECURITY | ENVIRONMENT | SEE ALSO | BUGS | AUTHORS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=iodine&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help

---

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact